Protecting Data

Simpler, stronger authentication

By Erica Rascón on May 14, 2014 in Technology

As the digital storehouse of sensitive data grows, the quest for secure authentication continues. Heartbleed jarred many of us. Data on our most popular (and presumably better protected) sites was exposed and, in some cases, compromised. The introduction of biometrics was a step in the right direction but Heartbleed reminded us that biometrics only protect a device; currently, such technology doesn’t fend off hackers from laptops, desktops, and the individual websites and apps that we use each day. Most of our data is still protected via password and even the cleverest passwords meet their match when hackers are intent to crack them. This poses a huge hurdle for companies whose user passwords protect countless pieces of sensitive client information.

Fast Identity Online Alliance (FIDO), whose members include the likes of Google and PayPal, seek ways to decrease dependency on passwords. Its goal is to develop “technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.” In other words, create simpler, stronger authentication.

One of FIDO’s most recent innovations is a piece of hardware, simply called the authenticator, that may replace individual passwords. The hardware will communicate directly with the websites that you’re visiting, creating a distinct digital key for each digital lock. No access information is stored remotely, reducing hackers’ access to pools of passwords and the information that they protect. The hardware itself may rely on biometric access to prevent misuse if lost or stolen.

FIDO’s authenticator is still under development but its business potential is evident. Employers could issue the hardware to employees, limiting potential human errors. Employees would not have to worry about changing passwords every 90 days, creating weak passwords, forgetting or sharing their credentials. Even if a device is a lost or stolen, it will be much more difficult for intruders to access sensitive data within the system or online without a biometrics-based authenticator.

Though it is just a concept at this stage, the authenticator seems like a more feasible authentication tool than a pill or tattoo. Employees may be hesitant to swallow a company-issued microchip each day, much less receive a company-mandated tattoo in a world where technology changes rapidly.

Other researchers are approaching the password dilemma from a different angle, aiming to make how we connect to the internet more secure. Many of today’s internet connections are wireless, relying on a password to access the router. A team at the University of Liverpool created the Chameleon virus that spreads via wi-fi like a cold. They are now working backwards in an effort to make wi-fi connections more secure.

It is unclear which new innovations will replace passwords but one thing is evident: passwords are approaching their horizon. The demand for stronger authentication tools has triggered numerous creative solutions, each a rung in the ladder away from another Heartbleed scare.